URL redirection or open redirect.
Vulnerability Name: Open redirect on [Parameter] at [Domain name]
Vulnerability Description: An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.
Steps to Reproduce:
1. Go to the [URL].
2. Change the value of [vulnerable param] to attacker.com.
3. You will be redirected to the attacker-controlled domain.
Snapshots or video link attached.
Impact:
1. It can lead to a phishing attack.
2. An attacker might deliver malware to the victim's machine by redirecting the victim to an attacker-controlled server.
Attack Scenario: An attacker can deliberately send the crafted URL to the victim as part of an email or a message. Because the link starts with the legitimate domain, the victim has no indication that a redirection to another site will occur.
Remediation: If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:
- Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
- Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.
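The allowlist-index remediation above, as an added example that is not part of the original report: the weak pass-through redirector beside a hardened one that resolves the parameter through a server-side table, plus a small off-site check usable in tests or log review. The ALLOWED_TARGETS table, TRUSTED_HOSTS set, and the parameter name "dest" are assumptions; the code is framework-agnostic and returns the Location value rather than sending a response.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist: the only destinations the redirector may emit.
ALLOWED_TARGETS = {
    "account": "https://example.com/account",
    "docs": "https://docs.example.com/start",
    "support": "https://example.com/support",
}
DEFAULT_TARGET = "https://example.com/"
# Constructed set of hosts considered first-party for the off-site check.
TRUSTED_HOSTS = {"example.com", "docs.example.com"}


def vulnerable_redirect(target_param: str) -> str:
    """Weak pattern from the report: the user-supplied value becomes the
    Location header unchanged, so 'https://attacker.com' is honoured."""
    return target_param


def safe_redirect(dest_param: Optional[str]) -> str:
    """Hardened pattern: 'dest' is a key into ALLOWED_TARGETS, never a URL.
    Exact-match lookup only; anything else falls back to DEFAULT_TARGET, so
    no user-controlled string ever reaches the Location header."""
    if dest_param is None:
        return DEFAULT_TARGET
    return ALLOWED_TARGETS.get(dest_param, DEFAULT_TARGET)


def is_offsite(location: str, trusted_hosts: set) -> bool:
    """Return True if a Location value would leave the trusted hosts.
    Flags absolute URLs to other hosts, protocol-relative '//host' and
    '/\\host' forms (some browsers treat backslash as slash), and
    non-http(s) schemes such as javascript:."""
    if location.startswith(("//", "/\\")):
        return True
    parts = urlsplit(location)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return True
    if parts.netloc:
        return parts.hostname not in trusted_hosts
    return False  # relative path on the same origin
```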